From dbe62811c7c48778484f0cde332e005f177e6ffd Mon Sep 17 00:00:00 2001 From: Ryan Yin Date: Mon, 18 Dec 2023 12:59:41 +0800 Subject: [PATCH] fix: agenix on nix-darwin, update flake.nix --- Makefile | 6 +- flake.lock | 84 +++++--------------- flake.nix | 28 +++++-- home/base/server/zellij/default.nix | 2 +- home/darwin/default.nix | 2 +- hosts/idols/aquamarine/default.nix | 2 +- hosts/idols/kana/default.nix | 2 +- hosts/idols/ruby/default.nix | 2 +- lib/colmenaSystem.nix | 1 - lib/macosSystem.nix | 1 + lib/nixosSystem.nix | 2 +- modules/base.nix | 19 ----- modules/darwin/nix-core.nix | 7 +- modules/nixos/base/misc.nix | 7 ++ overlays/fonts/default.nix | 2 +- overlays/fonts/icomoon-feather-icon-font.nix | 2 +- secrets/darwin.nix | 34 ++++++-- 17 files changed, 90 insertions(+), 113 deletions(-) diff --git a/Makefile b/Makefile index b9468f9f..acb7ba27 100644 --- a/Makefile +++ b/Makefile @@ -58,15 +58,13 @@ darwin-set-proxy: ha: darwin-set-proxy nix build .#darwinConfigurations.harmonica.system - ./result/sw/bin/darwin-rebuild switch --flake . + ./result/sw/bin/darwin-rebuild switch --flake .#harmonica sleep 1 - sudo chmod 644 /etc/agenix/alias-for-work.* ha-debug: darwin-set-proxy - nix build .#darwinConfigurations.harmonica.system --show-trace --verbose + nom build .#darwinConfigurations.harmonica.system --show-trace --verbose ./result/sw/bin/darwin-rebuild switch --flake .#harmonica --show-trace --verbose sleep 1 - sudo chmod 644 /etc/agenix/alias-for-work.* ############################################################################ # diff --git a/flake.lock b/flake.lock index a04bd9db..81984936 100644 --- a/flake.lock +++ b/flake.lock @@ -4,7 +4,9 @@ "inputs": { "darwin": "darwin", "home-manager": "home-manager", - "nixpkgs": "nixpkgs" + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { "lastModified": 1689334118, 
@@ -456,7 +458,9 @@ "hyprland": { "inputs": { "hyprland-protocols": "hyprland-protocols", - "nixpkgs": "nixpkgs_2", + "nixpkgs": [ + "nixpkgs" + ], "systems": "systems", "wlroots": "wlroots", "xdph": "xdph" @@ -635,7 +639,7 @@ }, "nixos-licheepi4a": { "inputs": { - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs", "thead-kernel": "thead-kernel" }, "locked": { @@ -655,7 +659,7 @@ "nixos-rk3588": { "inputs": { "mesa-panfork": "mesa-panfork", - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1694350741, @@ -673,16 +677,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1677676435, - "narHash": "sha256-6FxdcmQr5JeZqsQvfinIMr0XcTyTuR7EXX0H3ANShpQ=", - "owner": "NixOS", + "lastModified": 1691280485, + "narHash": "sha256-/8Ct9092OC1TTNzHgbcE9ejQdS2QxZYGqrWXEwUxdtQ=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "a08d6979dd7c82c4cef0dcc6ac45ab16051c1169", + "rev": "240472b7e47a641e9e7675f58b64d3626ca7824d", "type": "github" }, "original": { - "owner": "NixOS", - "ref": "nixos-unstable", + "owner": "nixos", + "ref": "nixos-23.05-small", "repo": "nixpkgs", "type": "github" } @@ -752,38 +756,6 @@ } }, "nixpkgs_2": { - "locked": { - "lastModified": 1700612854, - "narHash": "sha256-yrQ8osMD+vDLGFX7pcwsY/Qr5PUd6OmDMYJZzZi0+zc=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "19cbff58383a4ae384dea4d1d0c823d72b49d614", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1691280485, - "narHash": "sha256-/8Ct9092OC1TTNzHgbcE9ejQdS2QxZYGqrWXEwUxdtQ=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "240472b7e47a641e9e7675f58b64d3626ca7824d", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-23.05-small", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { "locked": { "lastModified": 1691486536, "narHash": "sha256-W2jYTn6rNiJEpjXkOiZxNltgxxwgeZE5cQ967NgsrHU=", 
@@ -799,7 +771,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_3": { "locked": { "lastModified": 1702346276, "narHash": "sha256-eAQgwIWApFQ40ipeOjVSoK4TEHVd6nbSd9fApiHIw5A=", @@ -815,7 +787,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_4": { "locked": { "lastModified": 1692221125, "narHash": "sha256-nKUDlbLL8/WW3Fpx9Y0sY+LliTqU3/GexvHU9BdA8Qk=", @@ -831,25 +803,9 @@ "type": "github" } }, - "nixpkgs_7": { - "locked": { - "lastModified": 1689261696, - "narHash": "sha256-LzfUtFs9MQRvIoQ3MfgSuipBVMXslMPH/vZ+nM40LkA=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "df1eee2aa65052a18121ed4971081576b25d6b5c", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nur-ryan4yin": { "inputs": { - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1701952536, @@ -887,7 +843,9 @@ "flake-compat": "flake-compat_2", "flake-utils": "flake-utils_2", "gitignore": "gitignore_2", - "nixpkgs": "nixpkgs_7", + "nixpkgs": [ + "nixpkgs" + ], "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { @@ -958,7 +916,7 @@ "nixos-generators": "nixos-generators", "nixos-licheepi4a": "nixos-licheepi4a", "nixos-rk3588": "nixos-rk3588", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_3", "nixpkgs-darwin": "nixpkgs-darwin", "nixpkgs-unstable": "nixpkgs-unstable", "nur-ryan4yin": "nur-ryan4yin", diff --git a/flake.nix b/flake.nix index 9f505619..dbf0aee7 100644 --- a/flake.nix +++ b/flake.nix @@ -17,6 +17,7 @@ self, nixpkgs, nixpkgs-unstable, + nixpkgs-darwin, pre-commit-hooks, nix-darwin, home-manager, @@ -124,7 +125,7 @@ nixosConfigurations = let base_args = { inherit home-manager nixos-generators; - nixpkgs = nixpkgs; # or nixpkgs-unstable + inherit nixpkgs; # or nixpkgs-unstable system = x64_system; specialArgs = x64_specialArgs; }; 
@@ -145,7 +146,7 @@ # x86_64 related x64_base_args = { inherit home-manager; - nixpkgs = nixpkgs; # or nixpkgs-unstable + inherit nixpkgs; # or nixpkgs-unstable specialArgs = x64_specialArgs; }; @@ -160,7 +161,7 @@ // inputs; lpi4a_base_args = { inherit home-manager; - nixpkgs = nixos-licheepi4a.inputs.nixpkgs; # or nixpkgs-unstable + inherit (nixos-licheepi4a.inputs) nixpkgs; # or nixpkgs-unstable specialArgs = lpi4a_specialArgs; targetUser = "root"; }; @@ -175,7 +176,7 @@ // nixos-rk3588.inputs; rk3588_base_args = { inherit home-manager; - nixpkgs = nixos-rk3588.inputs.nixpkgs; # or nixpkgs-unstable + inherit (nixos-rk3588.inputs) nixpkgs; # or nixpkgs-unstable specialArgs = rk3588_specialArgs; targetUser = "root"; }; @@ -253,7 +254,8 @@ } // inputs; base_args = { - inherit nix-darwin home-manager system specialArgs nixpkgs; + inherit nix-darwin home-manager system specialArgs; + nixpkgs = nixpkgs-darwin; }; in { harmonica = macosSystem (base_args @@ -306,7 +308,10 @@ nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; # add git hooks to format nix code before commit - pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix"; + pre-commit-hooks = { + url = "github:cachix/pre-commit-hooks.nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; # for macos nixpkgs-darwin.url = "github:nixos/nixpkgs/nixpkgs-23.11-darwin"; @@ -333,7 +338,11 @@ impermanence.url = "github:nix-community/impermanence"; - hyprland.url = "github:hyprwm/Hyprland/v0.33.1"; + hyprland = { + url = "github:hyprwm/Hyprland/v0.33.1"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + # community wayland nixpkgs # nixpkgs-wayland.url = "github:nix-community/nixpkgs-wayland"; # anyrun - a wayland launcher 
@@ -349,7 +358,10 @@ }; # secrets management, lock with git commit at 2023/7/15 - agenix.url = "github:ryantm/agenix/0d8c5325fc81daf00532e3e26c6752f7bcde1143"; + agenix = { + url = "github:ryantm/agenix/0d8c5325fc81daf00532e3e26c6752f7bcde1143"; + inputs.nixpkgs.follows = "nixpkgs"; + }; ######################## Some non-flake repositories ######################################### diff --git a/home/base/server/zellij/default.nix b/home/base/server/zellij/default.nix index fd7e3018..ff57a106 100644 --- a/home/base/server/zellij/default.nix +++ b/home/base/server/zellij/default.nix @@ -1,4 +1,4 @@ -{...}: { +_: { programs.zellij = { enable = true; }; diff --git a/home/darwin/default.nix b/home/darwin/default.nix index 26bf8bc3..d1c4a69c 100644 --- a/home/darwin/default.nix +++ b/home/darwin/default.nix @@ -11,7 +11,7 @@ # Home Manager needs a bit of information about you and the # paths it should manage. home = { - username = username; + inherit username; # set homeDirectory make build fail homeDirectory = "/Users/${username}"; diff --git a/hosts/idols/aquamarine/default.nix b/hosts/idols/aquamarine/default.nix index 9a7bb7b4..2927b529 100644 --- a/hosts/idols/aquamarine/default.nix +++ b/hosts/idols/aquamarine/default.nix @@ -1,4 +1,4 @@ -{...} @ args: +args: ############################################################# # # Aquamarine - A NixOS VM running on Proxmox diff --git a/hosts/idols/kana/default.nix b/hosts/idols/kana/default.nix index 91d7745b..772aec3a 100644 --- a/hosts/idols/kana/default.nix +++ b/hosts/idols/kana/default.nix @@ -1,4 +1,4 @@ -{...} @ args: +args: ############################################################# # # Kana - a NixOS VM running on Proxmox diff --git a/hosts/idols/ruby/default.nix b/hosts/idols/ruby/default.nix index 5adb953b..71091253 100644 --- a/hosts/idols/ruby/default.nix +++ b/hosts/idols/ruby/default.nix 
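Review bot: In the `agenix` input, `inputs.nixpkgs.follows = "nixpkgs"` deduplicates only nixpkgs. The first flake.lock hunk of this patch shows a node, presumably agenix, that still resolves its own `darwin` and `home-manager` inputs. If so, two more separately locked trees remain in the closure of the secrets tool. Adding `inputs.darwin.follows = "nix-darwin";` and `inputs.home-manager.follows = "home-manager";` would leave a single copy of each to audit. The existing comment "lock with git commit at 2023/7/15" would also be more useful if it said why the pin is kept.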
@@ -1,4 +1,4 @@ -{...} @ args: +args: ############################################################# # # Ruby - a NixOS VM running on Proxmox diff --git a/lib/colmenaSystem.nix b/lib/colmenaSystem.nix index dced1564..3cf4b3b2 100644 --- a/lib/colmenaSystem.nix +++ b/lib/colmenaSystem.nix @@ -12,7 +12,6 @@ in { name, - nodes, ... }: { deployment = { diff --git a/lib/macosSystem.nix b/lib/macosSystem.nix index 0887dc2b..44d581c4 100644 --- a/lib/macosSystem.nix +++ b/lib/macosSystem.nix @@ -15,6 +15,7 @@ in darwin-modules ++ [ ({lib, ...}: { + nixpkgs.pkgs = import nixpkgs {inherit system;}; # make `nix run nixpkgs#nixpkgs` use the same nixpkgs as the one used by this flake. nix.registry.nixpkgs.flake = nixpkgs; diff --git a/lib/nixosSystem.nix b/lib/nixosSystem.nix index d87d32c9..101bd404 100644 --- a/lib/nixosSystem.nix +++ b/lib/nixosSystem.nix @@ -7,7 +7,7 @@ nixos-modules, home-module, }: let - username = specialArgs.username; + inherit (specialArgs) username; in nixpkgs.lib.nixosSystem { inherit system specialArgs; diff --git a/modules/base.nix b/modules/base.nix index f8ba2580..713298df 100644 --- a/modules/base.nix +++ b/modules/base.nix @@ -29,25 +29,6 @@ builders-use-substitutes = true; }; - # do garbage collection weekly to keep disk usage low - nix.gc = - { - automatic = lib.mkDefault true; - options = lib.mkDefault "--delete-older-than 7d"; - } - // ( - if pkgs.stdenv.isLinux - then { - dates = lib.mkDefault "weekly"; - } - else { - # nix-darwin - interval = { - Hour = 24; - }; - } - ); - # Allow unfree packages nixpkgs.config.allowUnfree = lib.mkDefault false; } diff --git a/modules/darwin/nix-core.nix b/modules/darwin/nix-core.nix index 518f2b69..1aa111de 100644 --- a/modules/darwin/nix-core.nix +++ b/modules/darwin/nix-core.nix @@ -1,6 +1,5 @@ { pkgs, - lib, ... }: { ################################################################################### 
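Review bot: `nixpkgs.pkgs = import nixpkgs {inherit system;};` in lib/macosSystem.nix builds the package set with no `config` or `overlays`. As far as I know nix-darwin, like NixOS, ignores module-level `nixpkgs.config` once `nixpkgs.pkgs` is set; please verify against the pinned nix-darwin. modules/base.nix in this patch sets `nixpkgs.config.allowUnfree = lib.mkDefault false;`, so a later change to that policy may silently have no effect on darwin hosts. Passing it explicitly, e.g. `import nixpkgs { inherit system; config.allowUnfree = false; }`, or adding a comment that module-level nixpkgs.config is not honoured here, would make this visible. The module function continues outside the hunk.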
@@ -27,7 +26,7 @@ # Disable auto-optimise-store because of this issue: # https://github.com/NixOS/nix/issues/7273 # "error: cannot link '/nix/store/.tmp-link-xxxxx-xxxxx' to '/nix/store/.links/xxxx': File exists" - nix.settings = { - auto-optimise-store = false; - }; + nix.settings.auto-optimise-store = false; + + nix.gc.automatic = false; } diff --git a/modules/nixos/base/misc.nix b/modules/nixos/base/misc.nix index 8b07d6ac..cfba4d2f 100644 --- a/modules/nixos/base/misc.nix +++ b/modules/nixos/base/misc.nix @@ -15,6 +15,13 @@ # for nix server, we do not need to keep too much generations boot.loader.systemd-boot.configurationLimit = lib.mkDefault 10; + # do garbage collection weekly to keep disk usage low + nix.gc = { + automatic = lib.mkDefault true; + dates = lib.mkDefault "weekly"; + options = lib.mkDefault "--delete-older-than 7d"; + }; + # Manual optimise storage: nix-store --optimise # https://nixos.org/manual/nix/stable/command-ref/conf-file.html#conf-auto-optimise-store nix.settings.auto-optimise-store = true; diff --git a/overlays/fonts/default.nix b/overlays/fonts/default.nix index 99770062..757c6f5b 100644 --- a/overlays/fonts/default.nix +++ b/overlays/fonts/default.nix @@ -1,3 +1,3 @@ -{...}: (self: super: { +_: (self: super: { icomoon-feather-icon-font = super.callPackage ./icomoon-feather-icon-font.nix {}; }) diff --git a/overlays/fonts/icomoon-feather-icon-font.nix b/overlays/fonts/icomoon-feather-icon-font.nix index 5d6b8be5..59a85cb8 100644 --- a/overlays/fonts/icomoon-feather-icon-font.nix +++ b/overlays/fonts/icomoon-feather-icon-font.nix @@ -30,7 +30,7 @@ stdenvNoCC.mkDerivation rec { meta = with lib; { homepage = "https://github.com/feathericons/feather"; description = "Icomoon feather font"; - version = version; + inherit version; longDescription = '' Feather is a collection of simply beautiful open source icons. Each icon is designed on a 24x24 grid with an emphasis on simplicity, consistency, and flexibility. 
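Review bot: `nix.gc.automatic = false;` in modules/darwin/nix-core.nix is added without a comment, directly under a comment block that explains only `auto-optimise-store`. The block removed from modules/base.nix had a nix-darwin branch, so this turns off garbage collection that darwin hosts previously had. A one-line comment giving the reason, for example `# automatic GC disabled on darwin: <reason>; run nix-collect-garbage manually`, would keep the intent clear.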
diff --git a/secrets/darwin.nix b/secrets/darwin.nix
index b015d2da..ccebcbee 100644
--- a/secrets/darwin.nix
+++ b/secrets/darwin.nix
@@ -53,11 +53,33 @@
 };
 
 # activationScripts are executed every time you run `nixos-rebuild` / `darwin-rebuild`.
- # but not when you reboot the system, so currently you need to run those commands manually after reboot...
- #
- # /etc/agenix/* will be created after the first time you run `nixos-rebuild` / `darwin-rebuild` successfully.
- # so you may need to comment out the following lines if it's the first time you run `nixos-rebuild` / `darwin-rebuild` on a new system.
- system.activationScripts.postUserActivation.text = ''
- sudo chmod 644 /etc/agenix/*
+ system.activationScripts.postActivation.text = ''
+ chmod 644 /etc/agenix/*
+ '';
+ # When you eboot the system, only these scripts will be executed:
+ # https://github.com/LnL7/nix-darwin/blob/4eb1c549a9d4/modules/services/activate-system/default.nix6
+ # So we need to add the following line to the script:
+ launchd.daemons.activate-system.script = ''
+ set -e
+ set -o pipefail
+ export PATH="${pkgs.gnugrep}/bin:${pkgs.coreutils}/bin:@out@/sw/bin:/usr/bin:/bin:/usr/sbin:/sbin"
+
+ systemConfig=$(cat ${config.system.profile}/systemConfig)
+
+ # Make this configuration the current configuration.
+ # The readlink is there to ensure that when $systemConfig = /system
+ # (which is a symlink to the store), /run/current-system is still
+ # used as a garbage collection root.
+ ln -sfn $(cat ${config.system.profile}/systemConfig) /run/current-system
+
+ # Prevent the current configuration from being garbage-collected.
+ ln -sfn /run/current-system /nix/var/nix/gcroots/current-system
+
+ ${config.system.activationScripts.etcChecks.text}
+ ${config.system.activationScripts.etc.text}
+ ${config.system.activationScripts.keyboard.text}
+
+ # The following line is added by me
+ ${config.system.activationScripts.postActivation.text}
 '';
 }
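Review bot: `chmod 644 /etc/agenix/*` in `postActivation` makes every file under /etc/agenix world-readable. The glob also covers any secret placed there later, not only the `alias-for-work.*` files the Makefile used to target. If these are agenix-decrypted files (the `age.secrets` declarations are above the hunk, so this is inferred from the path), per-secret permissions are narrower, e.g. `mode = "0440"; owner = "<user>";` (placeholder user) on only the entries a non-root user must read. That would also remove the need to splice `postActivation` into the copied `activate-system` script, where `set -e` turns an unmatched glob on a fresh machine into a failed activation. That script is a copy of nix-darwin's at commit 4eb1c549a9d4 and will not pick up upstream changes when the nix-darwin input is bumped; a comment saying so next to the override would help.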